1. Field of the Invention
The present invention relates generally to a software development process. More particularly, the present invention relates to confidential knowledge protection in the software development process.
2. Description of the Related Art
An enterprise usually owns some critical knowledge (also called “confidential knowledge”) that helps it maintain its core competency among peers. The critical knowledge might be an innovative business idea, service function, unique business process or optimized IT architecture, for example. Due to the significance of such critical knowledge, enterprises have a strong intention to keep it as an enterprise-wide secret or even to restrict it to several core members.
However, the confidential knowledge is prone to exposure for various reasons. A typical one is that enterprises often leverage external resources to develop their software systems. Although such action reduces cost and allows the enterprise to focus on its core business, the confidential knowledge is at risk of exposure to external resources.
Most of the existing solutions for confidential knowledge protection in software development can be categorized as “physical solutions” and “legal solutions”. For “physical solutions”, regulations and/or mechanisms are used to physically prevent unauthorized persons from taking any documents, such as source code, out of the office. For “legal solutions”, developers, external or internal, are required to sign an NDA (Non-Disclosure Agreement) with the enterprise. If the developers release any confidential knowledge without authorization, the enterprise has the right to sue them for the disclosure.
Besides the above solutions, a related method is proposed in “Manufacturing Knowledge Protection Based Supplier Selection Model” (by Wu Feng, Li Huaizu, China Mechanical Engineering, Vol. 16, No. 8, April, 2005). This method classifies suppliers based on their originality and standardization, classifies an outsourcing strategy based on the knowledge's impact on enterprise competency and its exposure possibility, and maps a supplier type to the outsourcing strategy.
Precisely differentiating the confidential knowledge contained in a software design from common knowledge is an important prerequisite for knowledge protection. With it, limited effort can be focused on protecting what is really important, and as much non-confidential knowledge as possible can be shared with developers for development convenience. So far, however, identification and extraction of confidential knowledge is performed manually by software system designers, and parameters such as the proportion of confidential knowledge in the software system design are also subjectively judged by the designers. No publicly taught technical means has been found for identifying and extracting confidential knowledge and determining the proportion of confidential knowledge. A manual method is in itself time-consuming and laborious and cannot attain ideal accuracy and efficiency. Furthermore, when a huge software system must be developed and a large amount of confidential knowledge exists, performing the identification, extraction and determination processes manually may be unacceptable in terms of accuracy, efficiency and resource consumption.
Moreover, confidential knowledge protection mechanisms are at present selected at random and lack scientific analysis and guidance.
Therefore, there is a need for a more effective method for identifying and extracting confidential knowledge embedded in software artifacts and quantifying the confidential knowledge, so that appropriate protection mechanisms can be designed.